form doesn't send

sasori · November 17, 2010, 1:37pm

UserIdentity




<?php


/**

 * UserIdentity represents the data needed to identity a user.

 * It contains the authentication method that checks if the provided

 * data can identity the user.

 */

class UserIdentity extends CUserIdentity

{

	/**

	 * Authenticates a user.

	 * The example implementation makes sure if the username and password

	 * are both 'demo'.

	 * In practical applications, this should be changed to authenticate

	 * against some persistent user identity storage (e.g. database).

	 * @return boolean whether authentication succeeds.

	 */

	private $_id;

	const ERROR_EMAIL_INACTIVE = 3;

	

	public function authenticate()

	{


		$record = Wsmembers::model()->findByAttributes(array('WSLoginName' => $this->username));

		$email = Wsmembers::model()->findByAttributes(array('WSEmailConfirmed' => 0));

		if($record === null)

			$this->errorCode = self::ERROR_USERNAME_INVALID;

		else if($record->WSLoginPassword !== sha1($this->password))

			$this->errorCode = self::ERROR_PASSWORD_INVALID;

		else if($email)

			$this->errorCode = self::ERROR_EMAIL_INACTIVE;

		else 

		{

			$this->_id = $record->MemberShipID;

			$this->setState('name', $record->WSLoginName);

			$this->errorCode = self::ERROR_NONE;

		}

		return !$this->errorCode;

	}

	

	public function getId()

	{

		return $this->_id;

	}


}

sasori · November 17, 2010, 2:16pm

now this one sends me the correct encrypted password from the table




			$form->attributes = $_POST['Wsmembers'];

			$CRI = new CDbCriteria;

			$CRI->select = 'WSLoginPassword';

			$CRI->condition = "WSEmailAddress = '".$form->WSEmailAddress."'";

			$pass = $form->find($CRI);

			if($pass !== null)

				{

					$to = $_POST['Wsmembers']['WSEmailAddress'];

					$subject = "Your Password";

					$message = "Your password is = '". $pass->WSLoginPassword ."'";

still trying how to decrypt that sha1 thing to email it to the user retrieving the password

andy_s · November 17, 2010, 2:21pm




still trying how to decrypt that sha1 thing to email it to the user retrieving the password

Sorry, but it’s impossible (almost) to decrypt SHA-1

sasori · November 17, 2010, 2:25pm

any tips/suggestion that I can do for this forget password email sending thing ?,

( i will be so dumb if I will store the passwords as plain text )

iivano71 · November 17, 2010, 3:27pm

upload Wsmembers model that i can create password recovery model for you

sasori · November 17, 2010, 3:56pm

thanks, but I’ll do it myself, I won’t mark this thread yet as solved, as I’ll go back to this and post if I got stuck again

jacmoe · November 17, 2010, 4:00pm

Nope, that’s not the way.

You send the user a password reset link, with a unique token.

No need to decode nor store the password as plain text.

When the user clicks on the link, she is taken to a ‘pick a new password’ page.

It’s much safer. IMO.

sasori · November 17, 2010, 4:07pm

ok thanks for this.i’ll try this now

jacmoe · November 17, 2010, 4:12pm

References:

http://stackoverflow.com/questions/4026123/password-recovery-with-sha1-password-hashing

http://stackoverflow.com/questions/3164978/php-help-with-password-reset-and-token-expiry